50ebd467c3
Polish Default Login Page
...
Issue gh-17901
2025-09-23 17:59:23 -06:00
42376e2eee
Prepopulate Username When Known
...
Closes gh-17935
2025-09-23 17:59:22 -06:00
e813aad82b
Support Showing One Part of Login Page
...
Closes gh-17901
2025-09-23 17:59:21 -06:00
9f317757c3
Make Public Missing Authority AccessDeniedHandler
...
Issue gh-17934
2025-09-23 17:59:19 -06:00
df7a7cdc99
Update Test for Method Security
...
Issue gh-17936
2025-09-23 17:16:33 -06:00
e66c498d80
Redirect to Appropriate Entry Point Based on Missing Authorities
...
Issue gh-17934
2025-09-23 17:16:32 -06:00
fe17f2904d
Initial Exception Handling
...
This commit hardcodes factors as a proof of concept for
multi-factor authentication
Issue gh-17934
2025-09-23 17:16:30 -06:00
549569ea55
Add DefaultAuthorizationManagerFactory.additionalAuthorization
2025-09-23 16:52:10 -05:00
1608465a38
DefaultAuthorizationManagerFactory additionalAuthorization
...
This commit adds AuthorizationManager<T> additionalAuthorization to
DefaultAuthorizationManagerFactory which can be used for multi factor
authorization.
There is a builder that allows for creating an instance that requires
static additional authorities, but for more advanced cases users can
inject an additionalAuthorization that looks up if the user has settings
that enable additional required authorities.
The builder can later be updated to support checking that a particular
authority was granted within a specified amount of time.
Issue gh-17900
2025-09-23 15:25:26 -05:00
459b872a20
Cleanup Kotlin AuthorizationManagerFactory Generics
...
This cleans up the generic types within the Kotlin DSL that reference
AuthorizationManagerFactory
Issue gh-17860
2025-09-23 10:32:02 -05:00
628f3da30b
Revert "Add AuthorityUtils Methods"
...
This reverts commit 50bdaeb100
2025-09-22 12:26:07 -06:00
5ca5aca48e
Add Null Guard
...
Issue gh-17933
2025-09-22 12:23:29 -06:00
c61f53ad64
Copy Query to Parameters
...
Issue gh-17450
2025-09-22 12:17:24 -06:00
50bdaeb100
Add AuthorityUtils Methods
...
This commit adds a couple of utility methods for working with authorities
by type. Now that there are infrastructural authorities that Spring Secuirty
works with directly, it's helpful to be able to filter them out of the
authority list.
2025-09-22 11:42:14 -06:00
b31fdcd89f
Merge branch '6.5.x'
2025-09-22 11:57:34 -05:00
1878a1e03b
Merge branch '6.4.x' into 6.5.x
2025-09-22 11:57:26 -05:00
f0f57ad560
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
2025-09-22 11:57:04 -05:00
93ded52236
Bump org.gretty:gretty from 4.1.7 to 4.1.10
2025-09-22 11:57:02 -05:00
329af112ed
Bump com.webauthn4j:webauthn4j-core from 0.29.5.RELEASE to 0.29.6.RELEASE
2025-09-22 11:55:59 -05:00
3f1a60b0b8
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
2025-09-22 11:55:56 -05:00
67373e8c13
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
2025-09-22 11:55:54 -05:00
4ef16b14d2
Update terminology to HTTP Service Clients
...
Closes gh-17947
2025-09-22 10:09:04 -05:00
7d93186c69
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-22 03:22:10 +00:00
ae4b2e50e2
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-22 03:14:46 +00:00
e323377768
Bump org.gretty:gretty from 4.1.7 to 4.1.10
...
Bumps [org.gretty:gretty](https://github.com/gretty-gradle-plugin/gretty ) from 4.1.7 to 4.1.10.
- [Release notes](https://github.com/gretty-gradle-plugin/gretty/releases )
- [Changelog](https://github.com/gretty-gradle-plugin/gretty/blob/master/changes.md )
- [Commits](https://github.com/gretty-gradle-plugin/gretty/compare/v4.1.7...v4.1.10 )
---
updated-dependencies:
- dependency-name: org.gretty:gretty
dependency-version: 4.1.10
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-22 03:09:34 +00:00
68742e170c
Support Automatically Checking for Required Authorities in Authorization Rules
...
Closes: gh-17900
Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com >
2025-09-22 00:15:13 +03:00
a63e87d8fb
Remove Static Mock
...
These can cause infinite loops when running
tests in an IDE.
2025-09-19 17:53:52 -06:00
229c7bca5b
Add AuthorizationManagerFactory in Kotlin DSL
...
Closes gh-17860
2025-09-19 16:38:02 -05:00
765bdf1ed0
SpEL Expressions Support Returning AuthorizationManager
...
Closes gh-17936
2025-09-19 12:07:59 -06:00
25e413127c
Merge branch 'authentication-factors'
...
Closes gh-17933
2025-09-19 11:32:44 -06:00
1e1cb0097a
Document Authentication Factors
...
Issue gh-17933
2025-09-19 11:32:28 -06:00
6e7a181eac
Polish Authentication Factors
...
Issue gh-17933
2025-09-19 11:32:28 -06:00
758b35df9c
Add Factor Tests for Authentication Providers
...
Issue gh-17933
2025-09-19 11:32:27 -06:00
39e2bb67fc
Create Authentication Only Once
...
Issue gh-17933
2025-09-19 11:32:27 -06:00
0f4e1f2a2a
Move FACTOR_X509 into PreAuthenticatedAuthenticationProvider
...
Issue gh-17933
2025-09-19 11:32:27 -06:00
e8accd0499
Add Factory Authority When Authentication Succeeds
...
Issue gh-17933
2025-09-19 11:32:26 -06:00
9eaadcc70d
Add hasAll(Roles|Authorities) to SecurityExpressionRoot
...
This adds support for hasAllRoles and hasAllAuthorities to method security
expressions.
Issue gh-17932
2025-09-19 09:33:50 -05:00
a3b2ebff6e
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
...
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj ) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases )
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5 )
---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
dependency-version: 3.27.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-19 03:18:06 +00:00
476e5c5a3a
Bump org.assertj:assertj-core from 3.27.4 to 3.27.5
...
Bumps [org.assertj:assertj-core](https://github.com/assertj/assertj ) from 3.27.4 to 3.27.5.
- [Release notes](https://github.com/assertj/assertj/releases )
- [Commits](https://github.com/assertj/assertj/compare/assertj-build-3.27.4...assertj-build-3.27.5 )
---
updated-dependencies:
- dependency-name: org.assertj:assertj-core
dependency-version: 3.27.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-19 03:08:13 +00:00
bce8049815
Web uses AuthorizationManager<? super RequestAuthorizationContext>
...
This allows AuthorizationManager<Object> to be used instead of just
AuthorizationManager<RequestAuthorizationContext>. In addition, the
code was updated to use
`AuthorizationManagerFactory<? super RequestAuthorizationContext>`
Closes gh-17931
2025-09-18 17:32:09 -05:00
675835e525
Add AuthorizationManagerFactory.hasAll(Authorities|Roles)
...
Closes gh-17932
2025-09-18 14:19:22 -05:00
0da79925cd
Bump com.google.code.gson:gson from 2.13.1 to 2.13.2
...
Bumps [com.google.code.gson:gson](https://github.com/google/gson ) from 2.13.1 to 2.13.2.
- [Release notes](https://github.com/google/gson/releases )
- [Changelog](https://github.com/google/gson/blob/main/CHANGELOG.md )
- [Commits](https://github.com/google/gson/compare/gson-parent-2.13.1...gson-parent-2.13.2 )
---
updated-dependencies:
- dependency-name: com.google.code.gson:gson
dependency-version: 2.13.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-18 03:19:16 +00:00
c001a57ac6
Bump com.webauthn4j:webauthn4j-core
...
Bumps [com.webauthn4j:webauthn4j-core](https://github.com/webauthn4j/webauthn4j ) from 0.29.5.RELEASE to 0.29.6.RELEASE.
- [Release notes](https://github.com/webauthn4j/webauthn4j/releases )
- [Changelog](https://github.com/webauthn4j/webauthn4j/blob/master/github-release-notes-generator.yml )
- [Commits](https://github.com/webauthn4j/webauthn4j/compare/0.29.5.RELEASE...0.29.6.RELEASE )
---
updated-dependencies:
- dependency-name: com.webauthn4j:webauthn4j-core
dependency-version: 0.29.6.RELEASE
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-18 03:18:08 +00:00
b007219055
Next development version
2025-09-17 15:23:57 +00:00
c43f1f85ef
Release 6.4.11
2025-09-17 14:56:44 +00:00
2abde7da16
Next development version
2025-09-17 14:32:41 +00:00
096ce047c4
Release 6.5.5
2025-09-17 14:01:10 +00:00
ebc391cb97
Merge branch '6.5.x'
2025-09-17 08:52:21 -05:00
c5d48fe3a9
Bump io.micrometer:micrometer-observation from 1.14.10 to 1.14.11
2025-09-17 08:51:01 -05:00
22a9300003
Bump jakarta.xml.bind:jakarta.xml.bind-api from 4.0.2 to 4.0.4
2025-09-17 08:50:59 -05:00
Josh Cummings